Online Security – Cloud Services
Recently Dropbox the popular data syncing service inadvertently allowed access to all of its 25 million user’s accounts with no password. In other words, anyone could login to any account without knowing the password.
This is the latest in a string of security problems at Dropbox. Unfortunately they are not alone; other popular cloud services like LastPass the password syncing service and others have had security blunders or have been outright hacked.
Better known still is the recent hack of Sony’s Play Station Network allowing the private identity information of millions of users to escape into the wild. There have been countless examples of this and it’s only going to get worse.
Many of us are becoming increasingly dependent and trusting of online services. We will now put even our most private data on a service on the Internet for safekeeping and convenience. Just a few years ago most of us would have considered much of this unthinkable. Now it’s quickly becoming the new normal.
Combine the ever-increasing security concerns with questionable motivation of the cloud service providers and things look even more concerning.
Here’s an example from July 1st where Dropbox changed their terms of service to include the following statement:
‘By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service.’
While the intent may well be harmless, it’s a bit unsettling when you consider what these services are used for. I’m just using Dropbox as an example, other ‘cloud services’ have their own issues.
My point here isn’t that we should all go back to storing all our data on floppy disks in a desk drawer, but rather we need to be careful as we move into the cloud. Just because a service sounds like a good idea, fills a need and your friends are using it, doesn’t mean we should be ‘all in’ on every good idea. It takes more than a good smart phone app to make a solid, trustworthy service.
Do your homework before agreeing to the terms of service. Understand the company and the service before you start sending your data out to them then pay attention to the service after the fact.